Security flaws could be exploited by bad actors to target accounting tools such as General Ledger in a bid to steal sensitive information and commit financial fraud. The two vulnerabilities, dubbed “” and rated a CVSS score of 9.9, were patched by Oracle in a critical patch update (CPU) pushed out earlier this January. But the company said an estimated 50 percent of Oracle EBS customers have not deployed the patches to date. The bugs reside in its Oracle Human Resources Management System (HRMS) in a component called Hierarchy Diagrammer.
Source: https://thehackernews.com/2020/06/oracle-e-business-suite.html